Turn On or Off BitLocker for Operating System Drive in Windows 10  

@Brink i did just did right now and message shows if you cancel, it wont encrypt so i click okay. Now when i check c drive and right click it does show enable bitlocker which means it doesnt turn on.

@Brink


Okay so right now what i want to do is this right?


1. Since i have 128 bit default, should i change it to 256 bit or don't bother with it and thus skip step 1?

2. Go straight to step 5? Or should i do step 4? Do i want tpm or not? Because it seems step 4 is tpm and you putting a pin number as oppose to step 5 which is a password? What is difference between step 4 or 5? So you have 3 options here right? Step 3, 4 or 5? You pick? But aren't most people going to choose 5 since that is password?

@Brink


I assume i just go straight to step 5 right? I did not do this yet as im waiting to get a confirmation from you. But in step 5 it would be like this



C) In the right pane of Operating System Drives in Local Group Policy Editor, double click/tap on the Require additional authentication at startup policy to edit it. (see screenshot above)

D) Select Enabled at the top, check the Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive) box under Options, and go to step 6 below. (see screenshot below)


After you click enabled, it seems to automatically check allow bitlocker without a compatible TPM right? So after this, do i press or OKAY or APPLY before going to step 7?

Brink, i did look at the 128 bit or 256 bit option in step 1. When i click on it, its not configured. Shouldn't it be 128 bit as the default? So if i dont do anything in this, it will do 128 bit? But if i want to do 256 bit, i have to manually change it myself? What is your recommendation for this? Im confused why it shows not configured?

@Brink. Is 128 bit good enough? Im not tech savy at all. Or you recommend changing it to 256 bit? I know it only requires you to manually change it yourself which takes 10 seconds or so. Do you recommend it or its not necessary? I just want to make it as simple as possible. So don't change it right?

@Brink


In my previous post, do i do step 4 which is TPM with pin or do i choose step 5 which is no TPM with password or usb?


Which is preferred and which is the method i want? What i want is everytime i turn on the computer, it ask me for the password where i manually type it in. So choose step 5 then? Or does step 4 still give you that option? I read those steps and it seems step 4 you can still do it still but its a pin instead of password? So it has to be numbers? Which is more secure or recommended? I assume simplest way is step 5 and should be what i want?

@Brink


Okay i will just stick with the 128 for now. I dont want to mess up any setting. But are you saying making it 128, its harder for someone to crack your password?


Okay i will do step 4 TPM Recommended. But the pin, that has to be numbers right? So i have to put like a 6-20 digit pin? So it has to be numbers and not letters? If so, isn't that harder to remember than a password? I mean if its a password as oppose to pin, wouldnt that be much tougher for a thief to get in?


Say your password is


thedogwentallThewaytotheotherside320490


compared to


3294839800 as the pin?



I mean it would be hard for me to remember say a 10 digit pin if its all numbers compared to a long phrase right? Example other programs like use such as keepass, i use a password that has mostly words.